Web lists-archives.com

[Samba] Domain Trust - Single Sign On




G'day All,

    I am not sure if this is the right place to ask, but here goes.

Back ground:

The Uni I work at runs their corporate MS AD. I work in the School of Computing, and we've set up our own AD (Samba4), and have it tailored to suite our needs. We manage our own accounts separately from the corporate accounts. However, our dean wants "single-sign on". From his point of view, that is same usernames and passowrds. From our point of view same usernames and passwords is fine, however, we need to have the AD working the way we use it too. Using the corporate AD won't give us that, and will break almost everything we do.

    So here is the question:

Is there a way we can get our AD to Ask their AD to authenticate a user, but still use our AD's users' set up? eg: unix attributes, groups, group policies etc.

We've briefly looked at trusts but are not sure it will do what we want. None of us are AD people, so we are a bit stuck.

    Any hints, ideas, or solutions appreciated

I guess it boils down to: How would a large corporation have one source of username/passwords, and multiple separate areas where their users's attributes, policies, group membership etc are managed separately?

--

Cheers,
David Minard.
Ph:    0247 360 155
Fax:    0247 360 770

ITDS - ACE - SSTaRS
Western Sydney University
Building Y - Penrith Campus (Kingswood)
Locked bag 1797
Penrith NSW 2751

[Sometimes waking up just isn't worth the insult of the day to come.]

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba